WordPress <= 4.2 – Unauthenticated Stored Cross-Site Scripting (XSS) | CVE 2015-3440

Affects WordPress

4.2

Fixed in WordPress 4.2.1

4.1.1

Fixed in WordPress 4.2.1

3.9.3

Fixed in WordPress 4.2.1

4.1.2

Fixed in WordPress 4.2.1

References

CVE

CVE-2015-3440

Exploitdb

36844

URL

https://packetstormsecurity.com/files/#131644/

URL

https://klikki.fi/adv/wordpress2.html

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

Yes

WPVDB ID

8051e64b-f73e-45ce-a853-02b8e425155b

Timeline

Publicly Published

2015-04-26 (about 9 years ago)

Added

2015-04-27 (about 9 years ago)

Last Updated

2019-11-28 (about 4 years ago)

Other

Published

Title

Published

2014-08-01

Title

Wp-UserOnline < 2.70 - Stored Cross-Site Scripting (XSS)

Published

2016-11-08

Title

Caldera Forms < 1.4.2 - Cross Site Scripting

Published

2024-03-28

Title

OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) < 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-05-17

Title

DethemeKit For Elementor < 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Published

2022-02-15

Title

Persian Woocommerce < 5.9.8 - Reflected Cross-Site Scripting